Released July 5, 2017
+- **[Security advisories](#security)**
- **[Features](#features)**
- **[Bugs resolved](#bugs)**
- **[Miscellany](#misc)**
- **[Credits](#credits)**
+## <a name="security"></a>Security advisories
+
+- **[CIVI-SA-2017-01](https://civicrm.org/advisory/civi-sa-2017-01-pingback-url-not-encrypted)** Pingback URL not encrypted
+- **[CIVI-SA-2017-02](https://civicrm.org/advisory/civi-sa-2017-02-privilage-escalation-via-leaked-key)** Privilage escalation via leaked key
+- **[CIVI-SA-2017-03](https://civicrm.org/advisory/civi-sa-2017-03-cross-site-scritping-in-the-recently-viewed-block)** Cross-site scripting in "Recently Viewed" block
+- **[CIVI-SA-2017-04](https://civicrm.org/advisory/civi-sa-2017-04-incorrect-escaping-for-on-behalf-of-block)** Incorrect escaping for "On Behalf Of" block
+- **[CIVI-SA-2017-05](https://civicrm.org/advisory/civi-sa-2017-05-incorrect-escaping-for-search-results-column)** Incorrect escaping for "Search Results" column
+- **[CIVI-SA-2017-06](https://civicrm.org/advisory/civi-sa-2017-06-incorrect-escaping-in-drupal-views-integration)** Incorrect escaping in Drupal Views integration
+- **[CIVI-SA-2017-07](https://civicrm.org/advisory/civi-sa-2017-07-insuffient-permission-check-in-mailing-report)** Insuffient permission-check in mailing report
+- **[CIVI-SA-2017-08](https://civicrm.org/advisory/civi-sa-2017-08-upgrade-multiple-js-libraries)** Upgrade multiple JS libraries
+
+
## <a name="features"></a>Features
### Core CiviCRM
- **[CRM-20561](https://issues.civicrm.org/jira/browse/CRM-20561) Load
Net_SMTP, Auth_SASL, Net_Socket via Composer
([10384](https://github.com/civicrm/civicrm-core/pull/10384),
- [4](https://github.com/civicrm/civicrm-core/pull/4),
+ [3](https://github.com/seamuslee001/civicrm-core/pull/3),
+ [4](https://github.com/seamuslee001/civicrm-core/pull/4),
[10385](https://github.com/civicrm/civicrm-core/pull/10385),
[185](https://github.com/civicrm/civicrm-packages/pull/185), and
[186](https://github.com/civicrm/civicrm-packages/pull/186))**
- **(NFC) Attribution Chirojeugd Vlaanderen
([10519](https://github.com/civicrm/civicrm-core/pull/10519))**
-- **[CRM-8597](https://issues.civicrm.org/jira/browse/CRM-8597) PHP strict
- warning: Only variables should be assigned by reference.
- ([3](https://github.com/civicrm/civicrm-core/pull/3))**
-
- Instances of `$SVNROOT` are now replaced by `$CIVISOURCEDIR`.
-
- **[CRM-20620](https://issues.civicrm.org/jira/browse/CRM-20620) Use batch api
to retrieve all the batches
([10397](https://github.com/civicrm/civicrm-core/pull/10397))**